Lucene search
+L

5 matches found

github
github
added 2026/06/26 10:52 p.m.6 views

pnpm: Unsafe default behavior breaks integrity check

While it is unclear whether this should be classified as a vulnerability, it is being reported through this channel because the current behavior may represent an unsafe default. Summary pnpm install in non-frozen mode can accept new remote package content after detecting that the downloaded tarba...

8.1CVSS5.7AI score0.00113EPSS
Exploits1References3Affected Software1
osv
osv
added 2026/06/25 4:43 p.m.4 views

CVE-2026-55698 pnpm: Project env lockfile can short-circuit package-manager resolution and execute lockfile-selected pnpm bytes

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm can persist package-manager bootstrap metadata in the first YAML document of pnpm-lock.yaml. Before the patch, direct pnpm execution trusted an already resolved packageManagerDependencies entry when the committed env lockfile contained...

8.8CVSS6.2AI score0.00193EPSS
Exploits1References3
cvelist
cvelist
added 2026/06/25 4:43 p.m.32 views

CVE-2026-55698 pnpm: Project env lockfile can short-circuit package-manager resolution and execute lockfile-selected pnpm bytes

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm can persist package-manager bootstrap metadata in the first YAML document of pnpm-lock.yaml. Before the patch, direct pnpm execution trusted an already resolved packageManagerDependencies entry when the committed env lockfile contained...

8.8CVSS0.00193EPSS
Exploits1References1
osv
osv
added 2025/09/26 9:39 a.m.3 views

MAL-2025-47715 Malicious code in pnpm_lockfile_file_v9 (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
ossf
ossf
added 2025/09/26 9:39 a.m.3 views

Malicious code in pnpm_lockfile_file_v8 (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
Rows per page
Query Builder